General
-
Target
file.exe
-
Size
145KB
-
Sample
221006-sgq6gsaabl
-
MD5
259f5494172bad237d0ab5c84857dbab
-
SHA1
da375930a04399b18950d5d497e7d2680cbd742b
-
SHA256
9290fd839c6c7a5e43a7a61e09c352550a91516dc671634e56dafa7f9f3c6819
-
SHA512
4a608b4c9be23d0b1a3d4ffc666e4472488b6e641903e87046dd94aa1baea2c5be6776431cd682888672c7c193d1a7ca216abfb88cf7f282d8e44ee6dde34ac3
-
SSDEEP
3072:yXCKq9EQL/7luMcKLgQlNh16++Xcr1uueivp3vHui0hjO:yyVEQL/JBLgQpsDXa+iJvHu3
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
danabot
-
embedded_hash
EAD30BF58E340E9E105B328F524565E0
-
type
loader
Extracted
systembc
45.182.189.231:443
Targets
-
-
Target
file.exe
-
Size
145KB
-
MD5
259f5494172bad237d0ab5c84857dbab
-
SHA1
da375930a04399b18950d5d497e7d2680cbd742b
-
SHA256
9290fd839c6c7a5e43a7a61e09c352550a91516dc671634e56dafa7f9f3c6819
-
SHA512
4a608b4c9be23d0b1a3d4ffc666e4472488b6e641903e87046dd94aa1baea2c5be6776431cd682888672c7c193d1a7ca216abfb88cf7f282d8e44ee6dde34ac3
-
SSDEEP
3072:yXCKq9EQL/7luMcKLgQlNh16++Xcr1uueivp3vHui0hjO:yyVEQL/JBLgQpsDXa+iJvHu3
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-